Details of VAR-202309-1870

ID

VAR-202309-1870

CVE

CVE-2023-43135

TITLE

TP-LINK Technologies of TL-ER5120G Lack of Authentication Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-012796

DESCRIPTION

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. TP-LINK Technologies of TL-ER5120G A lack of authentication vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-43135 // JVNDB: JVNDB-2023-012796

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-er5120g	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	tp link	model:	tl-er5120g	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-er5120g	scope:	eq	version:	tl-er5120g firmware 2.0.0	Trust: 0.8
vendor:	tp link	model:	tl-er5120g	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-012796 // NVD: CVE-2023-43135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-43135
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-43135
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2023-43135
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-43135
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-012796 // NVD: CVE-2023-43135

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.0
problemtype:	Lack of authentication (CWE-862) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-012796 // NVD: CVE-2023-43135

EXTERNAL IDS

db:	NVD	id:	CVE-2023-43135	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-012796	Trust: 0.8

sources: JVNDB: JVNDB-2023-012796 // NVD: CVE-2023-43135

REFERENCES

url:	https://github.com/7r4c4r/cve/blob/main/tplink-tl-er5120g/unauthorized%20access/unauthorized%20access%20vulnerability.md	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-43135	Trust: 0.8

sources: JVNDB: JVNDB-2023-012796 // NVD: CVE-2023-43135

SOURCES

db:	JVNDB	id:	JVNDB-2023-012796
db:	NVD	id:	CVE-2023-43135

LAST UPDATE DATE

2024-08-14T15:31:51.069000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-012796	date:	2023-12-19T05:57:00
db:	NVD	id:	CVE-2023-43135	date:	2023-09-22T02:14:08.313

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-012796	date:	2023-12-19T00:00:00
db:	NVD	id:	CVE-2023-43135	date:	2023-09-20T22:15:13.640